Microsoft wants more security researchers to hack into its cloud

Microsoft Corp. has what may sound like a counter-intuitive request: Please try to hack into Azure more often. The company isn’t encouraging malicious attacks but it does want security researchers to spend more time poking holes in its flagship cloud service so the company can learn about flaws and fix them. Many so-called White Hat hackers do this for the company’s older products like Windows, Office and browsers, but there aren’t enough working on Azure, said Kymberlee Price, who oversees community programs in Microsoft’s Security Response Center. The company is planning several steps to change that, including explicitly stating it won’t take legal action against researchers and creating a game-like reward system that gives successful bug-finders perks and bragging rights. Microsoft currently offers bug bounty payments for Azure, but “it’s just not getting as much activity as I would like to see,” Price added. It’s an issue Microsoft needs to worry about as it bets big on cloud services for revenue growth. The shift to cloud computing is changing cybersecurity, providing new opportunities and new challenges. One of the biggest risks is that Microsoft now runs services for customers in its cloud, which means the software giant is on the hook to protect them.